a10_rule_set_rule

Synopsis

Configure rule-set rule

Parameters

Parameters

Choices/Defaults

Comment

state

str/required

[‘noop’, ‘present’, ‘absent’]

State of the object to be created.

ansible_host

str/required

Host for AXAPI authentication

ansible_username

str/required

Username for AXAPI authentication

ansible_password

str/required

Password for AXAPI authentication

ansible_port

int/required

Port for AXAPI authentication

a10_device_context_id

int

[‘1-8’]

Device ID for aVCS configuration

a10_partition

str

Destination/target partition for object/command

rule_set_name

str/required

Key to identify parent object

name

str/required

Rule name

remark

str

Rule entry comment (Notes for this rule)

status

str

‘enable’= Enable rule; ‘disable’= Disable rule;

action

str

‘permit’= permit; ‘deny’= deny; ‘reset’= reset;

log

bool

Enable logging

reset_lid

int

Apply a Template LID

listen_on_port

bool

Listen on port

policy

str

‘cgnv6’= Apply CGNv6 policy; ‘forward’= Forward packet;

forward_listen_on_port

bool

Listen on port

lid

int

Apply a Template LID

listen_on_port_lid

int

Apply a Template LID

fw_log

bool

Enable logging

fwlog

bool

Enable logging

cgnv6_log

bool

Enable logging

forward_log

bool

Enable logging

lidlog

bool

Enable logging

reset_lidlog

bool

Enable logging

listen_on_port_lidlog

bool

Enable logging

cgnv6_policy

str

‘lsn-lid’= Apply specified CGNv6 LSN LID; ‘fixed-nat’= Apply CGNv6 Fixed NAT;

cgnv6_fixed_nat_log

bool

Enable logging

cgnv6_lsn_lid

int

LSN LID

cgnv6_lsn_log

bool

Enable logging

ip_version

str

‘v4’= IPv4 rule; ‘v6’= IPv6 rule;

src_class_list

str

Match source IP against class-list

src_geoloc_name

str

Single geolocation name

src_geoloc_list

str

Geolocation name list

src_geoloc_list_shared

bool

Use Geolocation list from shared partition

src_ipv4_any

str

‘any’= Any IPv4 address;

src_ipv6_any

str

‘any’= Any IPv6 address;

source_list

list

Field source_list

src_ip_subnet

str

IPv4 IP Address

src_ipv6_subnet

str

IPv6 IP Address

src_obj_network

str

Network object

src_obj_grp_network

str

Network object group

src_slb_server

str

SLB Real server name

src_zone

str

Zone name

src_zone_any

str

‘any’= any;

src_threat_list

str

Bind threat-list for source IP based filtering

dst_class_list

str

Match destination IP against class-list

dst_geoloc_name

str

Single geolocation name

dst_geoloc_list

str

Geolocation name list

dst_geoloc_list_shared

bool

Use Geolocation list from shared partition

dst_ipv4_any

str

‘any’= Any IPv4 address;

dst_ipv6_any

str

‘any’= Any IPv6 address;

dest_list

list

Field dest_list

dst_ip_subnet

str

IPv4 IP Address

dst_ipv6_subnet

str

IPv6 IP Address

dst_obj_network

str

Network object

dst_obj_grp_network

str

Network object group

dst_slb_server

str

SLB Real server name

dst_slb_vserver

str

SLB Virtual server name

dst_domain_list

str

Match destination IP against domain-list

dst_zone

str

Zone name

dst_zone_any

str

‘any’= any;

dst_threat_list

str

Bind threat-list for destination IP based filtering

service_any

str

‘any’= any;

service_list

list

Field service_list

protocols

str

‘tcp’= tcp; ‘udp’= udp; ‘sctp’= sctp;

proto_id

int

Protocol ID

obj_grp_service

str

service object group

icmp

bool

ICMP

icmpv6

bool

ICMPv6

icmp_type

int

ICMP type number

special_type

str

‘any-type’= Any ICMP type; ‘echo-reply’= Type 0, echo reply; ‘echo-request’= Type 8, echo request; ‘info-reply’= Type 16, information reply; ‘info-request’= Type 15, information request; ‘mask-reply’= Type 18, address mask reply; ‘mask-request’= Type 17, address mask request; ‘parameter-problem’= Type 12, parameter problem; ‘redirect’= Type 5, redirect message; ‘source-quench’= Type 4, source quench; ‘time-exceeded’= Type 11, time exceeded; ‘timestamp’= Type 13, timestamp; ‘timestamp-reply’= Type 14, timestamp reply; ‘dest-unreachable’= Type 3, destination unreachable;

icmp_code

int

ICMP code number

special_code

str

‘any-code’= Any ICMP code; ‘frag-required’= Code 4, fragmentation required; ‘host-unreachable’= Code 1, destination host unreachable; ‘network-unreachable’= Code 0, destination network unreachable; ‘port-unreachable’= Code 3, destination port unreachable; ‘proto-unreachable’= Code 2, destination protocol unreachable; ‘route-failed’= Code 5, source route failed;

icmpv6_type

int

ICMPv6 type number

special_v6_type

str

‘any-type’= Any ICMPv6 type; ‘dest-unreachable’= Type 1, destination unreachable; ‘echo-reply’= Type 129, echo reply; ‘echo-request’= Type 128, echo request; ‘packet-too-big’= Type 2, packet too big; ‘param-prob’= Type 4, parameter problem; ‘time-exceeded’= Type 3, time exceeded;

icmpv6_code

int

ICMPv6 code number

special_v6_code

str

‘any-code’= Any ICMPv6 code; ‘addr-unreachable’= Code 3, address unreachable; ‘admin-prohibited’= Code 1, admin prohibited; ‘no-route’= Code 0, no route to destination; ‘not-neighbour’= Code 2, not neighbor; ‘port-unreachable’= Code 4, destination port unreachable;

eq_src_port

int

Equal to the port number

gt_src_port

int

Greater than the port number

lt_src_port

int

Lower than the port number

range_src_port

int

Port range (Starting Port Number)

port_num_end_src

int

Ending Port Number

eq_dst_port

int

Equal to the port number

gt_dst_port

int

Greater than the port number

lt_dst_port

int

Lower than the port number

range_dst_port

int

Port range (Starting Port Number)

port_num_end_dst

int

Ending Port Number

sctp_template

str

SCTP Template

alg

str

‘FTP’= FTP; ‘TFTP’= TFTP; ‘SIP’= SIP; ‘DNS’= DNS; ‘PPTP’= PPTP; ‘RTSP’= RTSP;

gtp_template

str

Configure GTP template (GTP Template Name)

idle_timeout

int

TCP/UDP idle-timeout

application_any

str

‘any’= any;

app_list

list

Field app_list

obj_grp_application

str

Application object group

protocol

str

Specify application(s)

protocol_tag

str

‘aaa’= Protocol/application used for AAA (Authentication, Authorization and Accounting) purposes.; ‘adult-content’= Adult content.; ‘advertising’= Advertising networks and applications.; ‘analytics-and-statistics’= user-analytics and statistics.; ‘anonymizers-and-proxies’= Traffic-anonymization protocol/application.; ‘audio-chat’= Protocol/application used for Audio Chat.; ‘basic’= Protocols required for basic classification, e.g., ARP, HTTP; ‘blog’= Blogging platform.; ‘cdn’= Protocol/application used for Content-Delivery Networks.; ‘chat’= Protocol/application used for Text Chat.; ‘classified-ads’= Protocol/application used for Classified ads.; ‘cloud-based-services’= SaaS and/or PaaS cloud based services.; ‘crowdfunding’= Service for funding a project or venture by raising small amounts of money from a large number of people.; ‘cryptocurrency’= Cryptocurrency.; ‘database’= Database-specific protocols.; ‘disposable-email’= Disposable email accounts.; ‘ebook-reader’= Services for e-book readers.; ‘email’= Native email protocol.; ‘enterprise’= Protocol/application used in an enterprise network.; ‘file-management’= Protocol/application designed specifically for file management and exchange, e.g., Dropbox, SMB; ‘file-transfer’= Protocol that offers file transferring as a functionality as a secondary feature, e.g., Skype, Whatsapp; ‘forum’= Online forum.; ‘gaming’= Protocol/application used by games.; ‘instant-messaging-and-multimedia-conferencing’= Protocol/application used for Instant messaging or multiconferencing.; ‘internet-of-things’= Internet Of Things protocol/application.; ‘mobile’= Mobile-specific protocol/application.; ‘map-service’= Digital Maps service.; ‘multimedia-streaming’= Protocol/application used for multimedia streaming.; ‘networking’= Protocol used for (inter) networking purpose.; ‘news-portal’= Protocol/application used for News Portals.; ‘peer-to-peer’= Protocol/application used for Peer-to-peer purposes.; ‘remote-access’= Protocol/application used for remote access.; ‘scada’= SCADA (Supervisory control and data acquisition) protocols, all generations.; ‘social-networks’= Social networking application.; ‘software-update’= Auto-update protocol.; ‘standards-based’= Protocol issued from standardized bodies such as IETF, ITU, IEEE, ETSI, OIF.; ‘transportation’= Transportation.; ‘video-chat’= Protocol/application used for Video Chat.; ‘voip’= Application used for Voice over IP.; ‘vpn-tunnels’= Protocol/application used for VPN or tunneling purposes.; ‘web’= Application based on HTTP/HTTPS.; ‘web-e-commerce’= Protocol/application used for E-commerce websites.; ‘web-search-engines’= Protocol/application used for Web search portals.; ‘web-websites’= Protocol/application used for Company Websites.; ‘webmails’= Web email application.; ‘web-ext-adult’= Web Extension Adult; ‘web-ext-auctions’= Web Extension Auctions; ‘web-ext-blogs’= Web Extension Blogs; ‘web-ext-business-and-economy’= Web Extension Business and Economy; ‘web-ext-cdns’= Web Extension CDNs; ‘web-ext-collaboration’= Web Extension Collaboration; ‘web-ext-computer-and-internet-info’= Web Extension Computer and Internet Info; ‘web-ext-computer-and-internet-security’= Web Extension Computer and Internet Security; ‘web-ext-dating’= Web Extension Dating; ‘web-ext-educational-institutions’= Web Extension Educational Institutions; ‘web-ext-entertainment-and-arts’= Web Extension Entertainment and Arts; ‘web-ext-fashion-and-beauty’= Web Extension Fashion and Beauty; ‘web-ext-file-share’= Web Extension File Share; ‘web-ext-financial-services’= Web Extension Financial Services; ‘web-ext-gambling’= Web Extension Gambling; ‘web-ext-games’= Web Extension Games; ‘web-ext-government’= Web Extension Government; ‘web-ext-health-and-medicine’= Web Extension Health and Medicine; ‘web-ext-individual-stock-advice-and-tools’= Web Extension Individual Stock Advice and Tools; ‘web-ext-internet-portals’= Web Extension Internet Portals; ‘web-ext-job-search’= Web Extension Job Search; ‘web-ext-local-information’= Web Extension Local Information; ‘web-ext-malware’= Web Extension Malware; ‘web-ext-motor-vehicles’= Web Extension Motor Vehicles; ‘web-ext-music’= Web Extension Music; ‘web-ext-news’= Web Extension News; ‘web-ext-p2p’= Web Extension P2P; ‘web-ext-parked-sites’= Web Extension Parked Sites; ‘web-ext-proxy-avoid-and-anonymizers’= Web Extension Proxy Avoid and Anonymizers; ‘web-ext-real-estate’= Web Extension Real Estate; ‘web-ext-reference-and-research’= Web Extension Reference and Research; ‘web-ext-search-engines’= Web Extension Search Engines; ‘web-ext-shopping’= Web Extension Shopping; ‘web-ext-social-network’= Web Extension Social Network; ‘web-ext-society’= Web Extension Society; ‘web-ext-software’= Web Extension Software; ‘web-ext-sports’= Web Extension Sports; ‘web-ext-streaming-media’= Web Extension Streaming Media; ‘web-ext-training-and-tools’= Web Extension Training and Tools; ‘web-ext-translation’= Web Extension Translation; ‘web-ext-travel’= Web Extension Travel; ‘web-ext-web-advertisements’= Web Extension Web Advertisements; ‘web-ext-web-based-email’= Web Extension Web based Email; ‘web-ext-web-hosting’= Web Extension Web Hosting; ‘web-ext-web-service’= Web Extension Web Service;

track_application

bool

Enable application statistic

uuid

str

uuid of the object

user_tag

str

Customized tag

sampling_enable

list

Field sampling_enable

counters1

str

‘all’= all; ‘hit-count’= Hit counts; ‘permit-bytes’= Permitted bytes counter; ‘deny-bytes’= Denied bytes counter; ‘reset-bytes’= Reset bytes counter; ‘permit-packets’= Permitted packets counter; ‘deny-packets’= Denied packets counter; ‘reset-packets’= Reset packets counter; ‘active-session-tcp’= Active TCP session counter; ‘active-session-udp’= Active UDP session counter; ‘active-session-icmp’= Active ICMP session counter; ‘active-session-other’= Active other protocol session counter; ‘session-tcp’= TCP session counter; ‘session-udp’= UDP session counter; ‘session-icmp’= ICMP session counter; ‘session-other’= Other protocol session counter; ‘active-session-sctp’= Active SCTP session counter; ‘session-sctp’= SCTP session counter; ‘hitcount-timestamp’= Last hit counts timestamp;

move_rule

dict

Field move_rule

location

str

‘top’= top; ‘before’= before; ‘after’= after; ‘bottom’= bottom;

target_rule

str

Field target_rule

oper

dict

Field oper

hitcount

int

Field hitcount

last_hitcount_time

str

Field last_hitcount_time

action

str

Field action

status

str

Field status

permitbytes

int

Field permitbytes

denybytes

int

Field denybytes

resetbytes

int

Field resetbytes

totalbytes

int

Field totalbytes

permitpackets

int

Field permitpackets

denypackets

int

Field denypackets

resetpackets

int

Field resetpackets

totalpackets

int

Field totalpackets

activesessiontcp

int

Field activesessiontcp

activesessionudp

int

Field activesessionudp

activesessionicmp

int

Field activesessionicmp

activesessionsctp

int

Field activesessionsctp

activesessionother

int

Field activesessionother

activesessiontotal

int

Field activesessiontotal

sessiontcp

int

Field sessiontcp

sessionudp

int

Field sessionudp

sessionicmp

int

Field sessionicmp

sessionsctp

int

Field sessionsctp

sessionother

int

Field sessionother

sessiontotal

int

Field sessiontotal

name

str

Rule name

stats

dict

Field stats

hit_count

str

Hit counts

permit_bytes

str

Permitted bytes counter

deny_bytes

str

Denied bytes counter

reset_bytes

str

Reset bytes counter

permit_packets

str

Permitted packets counter

deny_packets

str

Denied packets counter

reset_packets

str

Reset packets counter

active_session_tcp

str

Active TCP session counter

active_session_udp

str

Active UDP session counter

active_session_icmp

str

Active ICMP session counter

active_session_other

str

Active other protocol session counter

session_tcp

str

TCP session counter

session_udp

str

UDP session counter

session_icmp

str

ICMP session counter

session_other

str

Other protocol session counter

active_session_sctp

str

Active SCTP session counter

session_sctp

str

SCTP session counter

hitcount_timestamp

str

Last hit counts timestamp

name

str

Rule name

Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]

  • This module is maintained by community.

Authors

  • A10 Networks 2021